Tianhan Lu scite author profile

Tianhan Lu

4Publications

3Citation Statements Received

136Citation Statements Given

How they've been cited

How they cite others

136

Affiliations

University of Colorado Boulder

Publications

Order By: Most citations

Selectively-Amortized Resource Bounding

Chang

Trivedi

2021

View full text Add to dashboard Cite

Managing resource usage has become a critical concern for software developers as software development continues to grow in complexity. This thesis focuses on the practical aspects of automatically proving resource bounds by investigating how to bound an integer-valued resource variable by a given program expression. The automatic resource bound analysis has become increasingly important in detecting performance bugs, preventing algorithmic-complexity attacks, and identifying side-channel vulnerabilities. This thesis puts forth a novel paradigm of selectively-amortized resource bounding for practical yet sound analysis of resource usage.The most simple and common approach, which we refer to as the worst-case reasoning, involves reducing the problem to the reachability bound problem. This method infers the maximum number of times a location can be visited, multiplies it by the worst-case cost at this location among all visits, and sums up such products for all locations. However, this approach fails to work for non-terminating programs like reactive programs, as the number of times a location can be reached may be unbounded.To address this limitation, we adapt worst-case reasoning to work with non-terminating programs by introducing counters-auxiliary variables that track the number of times a location is reached-and specifying inductive relations that describe the worst-case reasoning using these counters. To handle unboundedness, we infer additional invariants about counters that describe the control flow. This approach is type-directed, and the inductive relations can be viewed as refinement types that can be validated by a type checking system. However, worst-case reasoning, including the aforementioned type-directed approach, can become highly imprecise when the costs at a location vary widely among various iterations. This situation is particularly common in the design and analysis of leading data structures and algorithms iii that take advantage of amortization to achieve better overall performance, such as dynamic arrays and search structures. To address the imprecision that arises due to wide cost variations, one remedy is to use the most precise reasoning, which we dub fully-amortized reasoning. This approach accurately approximates the total resource usage before and after a transition by inferring flow-sensitive invariants. However, the practicality of this approach is limited since the required invariants are often complex polynomials that can be challenging to reliably infer. This thesis introduces and focuses around a novel paradigm called selectively-amortized reasoning, which combines the simplicity of worst-case reasoning with the precision of fullyamortized reasoning. Selectively-amortized reasoning defines a spectrum of analysis by adjusting the analysis precision and simplicity, with worst-case reasoning being the simplest and fullyamortized reasoning being the most precise. To analyze a trace's total resource usage, one decomposes the trace into subtraces, applies fully-amortized reasoning wit...

show abstract

Type-Directed Bounding of Collections in Reactive Programs

Černý

Chang

et al. 2019

View full text Add to dashboard Cite

Our aim is to statically verify that in a given reactive program, the length of collection variables does not grow beyond a given bound. We propose a scalable type-based technique that checks that each collection variable has a given refinement type that specifies constraints about its length. A novel feature of our refinement types is that the refinements can refer to AST counters that track how many times an AST node has been executed. This feature enables type refinements to track limited flow-sensitive information. We generate verification conditions that ensure that the AST counters are used consistently, and that the types imply the given bound. The verification conditions are discharged by an off-the-shelf SMT solver. Experimental results demonstrate that our technique is scalable, and effective at verifying reactive programs with respect to requirements on length of collections.

show abstract

Type-directed Bounding of Collections in Reactive Programs

Lu¹,

Černý²,

Chang³

et al. 2018

Preprint

View full text Add to dashboard Cite

Towards Denial-of-Service Memory Vulnerabilities

Lu¹,

Lee²,

Liao³

2019

JSW

View full text Add to dashboard Cite

We address the problem of verifying a program to be free of Denial-of-Service memory vulnerabilities. More specifically, we define a program to be safe from DoS attacks if its memory usage at any time during execution is linear to sizes of its inputs. We design an analysis algorithm that verifies if a program satisfies this definition, and reports code snippets in the program that may cause a nonlinear amount of memory usage in case the verification fails. We also formally prove the correctness of our algorithm w.r.t. the above definition. Our experimental results indicate that the analysis algorithm is both effective and efficient.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tianhan Lu

Selectively-Amortized Resource Bounding

Type-Directed Bounding of Collections in Reactive Programs

Type-directed Bounding of Collections in Reactive Programs

Towards Denial-of-Service Memory Vulnerabilities

Contact Info

Product

Resources

About